As a customer's headcount grows, Semgrep's ARR from that account grows automatically, without a renewal negotiation.

This pricing model turns customer growth into built-in net revenue retention. Semgrep charges by contributing developer, so when an engineering team adds new committers to private repos, billable usage rises with almost no extra selling work. That is especially powerful in security, where the dashboard users are often a small AppSec team but the real surface area being scanned is the full engineering org.

  • Semgrep lists Teams pricing at $40 per contributor per month for Code, and defines a contributor as someone committing to scanned private repositories. That makes the meter concrete and hard to game, because usage follows actual code authors, not named security seats.
  • This is the same economic pattern that makes GitHub Code Security sticky at $30 per active committer per month. Both tools expand when more developers touch production code, but Semgrep gets an extra lift from its open source engine seeding adoption before procurement starts.
  • The tradeoff is that seat-linked pricing also invites direct comparison with bundled platform options. GitHub sells code security per active committer, and GitLab includes application security inside Ultimate, so Semgrep has to keep proving that better signal and workflow fit justify a separate line item.

Going forward, the biggest upside is that every new developer, repo, and AI coding workflow can raise account value without changing the sales motion. The companies that win this market will be the ones that attach security spend directly to code creation, then layer higher-value modules on top of that expanding developer base.